Best Practice Update

A white keyboard with the words 'Freedom of Information' in black text on one of the keys

FOI Requests generated by Artificial Intelligence

The ICO recently published some guidance about what to do if you receive an FOI request generated by Artificial Intelligence.

Here is the information as advised by the ICO:

Section 8 FOIA requires people make requests in writing (including by electronic means) and include their name and address for correspondence. A request isn't invalid just because someone's used technology to send multiple requests at the same time. But these issues may be relevant:


  • if you're concerned that the requesters haven't provided their real names. A request made in a false name is not valid. You can choose to question the requester's identity if you believe they've used a false name. Have a look at our guidance on pseudonyms: Recognising a request under the FOI Act

  • if you think that one group has used AI to send multiple requests. Requests sent by people who appear to be acting together can potentially be aggregated for cost purposes if the requests are for the same or similar information: Can we aggregate the cost of a number of requests?

  •  if you suspect the requests were sent out by different people acting together as part of a campaign. Requests sent as part of campaigns are not necessarily vexatious: requesters may be acting together simply to gain information that will assist their case. Our guidance on vexatious requests (section 14(1)) will help: Dealing with vexatious requests
There could be advantages to you if requesters use technology to help them write requests. You might find that the requests are simpler and more clearly written, making it easier to find what the requester wants.


Knowledge Bank

FOI Best Practice

Log the FOI request in the FOI Log.
Check whether you have the information in a recorded format.
Review our template response.
Be careful not to disclose any personal data.

Check in the FOI Examples & Advice for specific guidance about popular FOI requests to help with your response.

If you are still unsure or have any specific questions, email us: This email address is being protected from spambots. You need JavaScript enabled to view it. 



Test your FOI Knowledge:

Do you know the difference between a SAR and an FOI?

Invalid Input


Amazing, it is 20 working days if you are a public authority or 20 school days. You have ticked off an important item on the FOI checklist:

For further help and guidance and access to the full checklist, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..




This kind of information may be included in your regular data protection training, but is something your data protection lead should know. 

Clipart cartoon with headphones on Please contact us for more help and advice about data protection compliance and cyber security standards: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice. 

 


Try asking the data protection lead in your organisation, or SLT digital lead or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice.

Search